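<?php
/**
 * Sets `flag` = '0' on one Client row and adds that client's `orderofnum`
 * to the shop's `currentnumber`, unless the shop has less than
 * `perordernumber` of free capacity (`maxofnumber` - `currentnumber`).
 *
 * Input:  $_GET['id']        shop id the request acts on
 *         $_POST['clientid'] client row to update
 * Output: redirect to client.php?id=<shop id>, or a JavaScript alert
 *         ('too much!') followed by the same redirect when the shop is full.
 *
 * Access control: the session must carry `shopid`. A session whose `flag`
 * is "2" may act on any shop id (presumably a privileged role; confirm).
 * Every other session may only act on its own `shopid`.
 *
 * Every rejection path ends with `exit`. header('Location: ...') only queues
 * a response header; without `exit` the script keeps running and would still
 * execute the UPDATE statements below for a request that was just refused.
 */
session_start();
require('../Model/mysql.php');
require('../host_config.php');

// Normalise inputs once. Array-valued parameters (id[]=...) are treated as absent.
$sessionShopId = isset($_SESSION['shopid']) ? (string) $_SESSION['shopid'] : null;
$sessionFlag   = isset($_SESSION['flag']) ? (string) $_SESSION['flag'] : '';
$requestedId   = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$clientIdRaw   = (isset($_POST['clientid']) && is_string($_POST['clientid'])) ? $_POST['clientid'] : '';

// No shop bound to the session: not logged in. The redirect is sent before any
// output, because a body written first can prevent the header from being sent.
if ($sessionShopId === null) {
    header('Location: ../login.php');
    exit;
}

// Strict string comparison: a loose != treats numeric strings such as
// "1", "01" and "1e0" as equal, which weakens the ownership check.
if ($sessionFlag !== '2' && $sessionShopId !== $requestedId) {
    header('Location: select.php?id=' . rawurlencode($sessionShopId));
    exit;
}

// Target page, built from the raw (not SQL-escaped) id and URL-encoded so the
// value cannot break out of the Location header or the script block below.
$clientPage = 'client.php?id=' . rawurlencode($requestedId);

// Nothing to update without a client id.
if ($clientIdRaw === '') {
    header('Location: ' . $clientPage);
    exit;
}

// NOTE(review): this state-changing request carries no anti-CSRF token;
// consider a per-session token checked here.

$mysql = new MySQL();
$link = $mysql->connect($mysql_host, $mysql_user, $mysql_passwd, $mysql_db);

// NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
// removed in PHP 7, and its safety depends on the connection charset. Prefer
// prepared statements if the MySQL wrapper can offer them.
$shopid = mysql_real_escape_string($requestedId);
$clientid = mysql_real_escape_string($clientIdRaw);

$sql = "SELECT `maxofnumber`, `perordernumber`, `currentnumber` FROM `Shops` WHERE `shopid` = '$shopid'";
$shopRow = $mysql->query_row($sql, $link);

// Assumes query_row() returns a falsy value when no row matches (TODO confirm).
// Without this guard an unknown shop id yields null counters, the capacity
// test passes, and the client row is still modified.
if (!$shopRow) {
    header('Location: ' . $clientPage);
    exit;
}

$maxofnumber = $shopRow[0];
$perordernumber = $shopRow[1];
$currentnumber = $shopRow[2];

if ($maxofnumber - $currentnumber < $perordernumber) {
    // json_encode() emits a correctly quoted JavaScript string literal.
    echo "<script language='javascript'>";
    echo "alert('too much!');";
    echo "self.location.href=" . json_encode($clientPage) . ";";
    echo "</script>";
    exit;
}

// NOTE(review): the client is looked up by `clientid` alone. If Client rows
// belong to a shop, add that column to both WHERE clauses so one shop cannot
// act on another shop's clients.
$sql = "SELECT `orderofnum` FROM `Client` WHERE `clientid` = '$clientid'";
$clientRow = $mysql->query_row($sql, $link);

if ($clientRow) {
    $ordernumber = $clientRow[0];

    $sql = "UPDATE `Client` SET `flag` = '0' WHERE `clientid` = '$clientid'";
    $mysql->query($sql, $link);

    // NOTE(review): read-modify-write without a transaction or lock; two
    // concurrent requests can both pass the capacity check and one increment
    // can overwrite the other.
    $currentnumber = $currentnumber + $ordernumber;
    $sql = "UPDATE `Shops` SET `currentnumber` = '$currentnumber' WHERE `shopid` = '$shopid'";
    $mysql->query($sql, $link);
}

// The commented-out queue/android implementation that used to sit here was
// dead code and has been dropped.
header('Location: ' . $clientPage);
exit;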
